IRIS

Cybercrime activities are supported by infrastructures and services originating from an underground economy. The current understanding of this phenomenon is that the cybercrime economy ought to be fraught with information asymmetry and adverse selection problems. They should make the effects that we observe every day impossible to sustain. In this paper we show that the market structure and design used by cyber criminals have evolved towards a market design that is similar to legitimate, thriving, on-line forum markets such as eBay. We illustrate this evolution by comparing the ‘market regulatory mechanisms’ of two underground forum markets: a failed market for credit cards and other illegal goods and another, extremely active marketplace for vulnerabilities, exploits, and cyber attacks in general. The comparison shows that cybercrime markets evolved from unruly, ‘scam for scammers’ market mechanisms to mature, regulated mechanisms that greatly favors trade efficiency.

Then and now: on the maturity of the cybercrime markets: the lesson that black-hat marketeers learned / Allodi, Luca; Corradin, Marco; Massacci, Fabio. - In: IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING. - ISSN 2168-6750. - 2016, 4:1(2016), pp. 35-46. [10.1109/TETC.2015.2397395]

Then and now: on the maturity of the cybercrime markets: the lesson that black-hat marketeers learned

Allodi, Luca;Massacci, Fabio
2016-01-01

Abstract

Cybercrime activities are supported by infrastructures and services originating from an underground economy. The current understanding of this phenomenon is that the cybercrime economy ought to be fraught with information asymmetry and adverse selection problems. They should make the effects that we observe every day impossible to sustain. In this paper we show that the market structure and design used by cyber criminals have evolved towards a market design that is similar to legitimate, thriving, on-line forum markets such as eBay. We illustrate this evolution by comparing the ‘market regulatory mechanisms’ of two underground forum markets: a failed market for credit cards and other illegal goods and another, extremely active marketplace for vulnerabilities, exploits, and cyber attacks in general. The comparison shows that cybercrime markets evolved from unruly, ‘scam for scammers’ market mechanisms to mature, regulated mechanisms that greatly favors trade efficiency.
2016
IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING
1
2-s2.0-84963781322
WOS:000390195500006
Allodi, Luca; Corradin, Marco; Massacci, Fabio
Then and now: on the maturity of the cybercrime markets: the lesson that black-hat marketeers learned / Allodi, Luca; Corradin, Marco; Massacci, Fabio. - In: IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING. - ISSN 2168-6750. - 2016, 4:1(2016), pp. 35-46. [10.1109/TETC.2015.2397395]
File in questo prodotto:
File Dimensione Formato  
TETCS-14.pdf

accesso aperto

Descrizione: Articolo
Tipologia: Post-print referato (Refereed author’s manuscript)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 7.26 MB
Formato Adobe PDF
Visualizza/Apri
7.26 MB Adobe PDF Visualizza/Apri
07044581.compressed.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 938.2 kB
Formato Adobe PDF
  Visualizza/Apri
938.2 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/117155
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 19
  • ???jsp.display-item.citation.isi??? 10
social impact